2023-08-25_a4e7c6ea16873d48eab8fa67a79efcb7_icedid_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

2023-08-25_a4e7c6ea16873d48eab8fa67a79efcb7_icedid_JC.exe
Size

2.6MB
MD5

a4e7c6ea16873d48eab8fa67a79efcb7
SHA1

d76ca470a21a63e273ac538037402ea728e78f5f
SHA256

f371c36f7b0ad204fbed35c24242ff3455d1b7b72ee308b1802e9c91d160d658
SHA512

8e5325fd4f024f42f33f68cb607c1be58a92b4d2cd6b72431690466b95399447673888f8bd12e9a3f6ba0b52cc67c31eaf04c5abe1f2cab18f84169961610e53
SSDEEP

24576:41s1/ks/h6J3lsWs4fgvJ/rd4wc3DVQjnnQnf:l83lsWsygvZdO3DVQO

Score

1^/10

Malware Config

Signatures

Files

2023-08-25_a4e7c6ea16873d48eab8fa67a79efcb7_icedid_JC.exe
.exe windows:4 windows x86

6ebeaa0265bfdff169abf2b7f5aa9e43

Code Sign

23:47:ed:a5:a0:2a:3f:41:2b:40:cd:b1:92:b8:6e:bc
Certificate

Issuer

CN=thawte SHA256 Code Signing CA - G2,O=thawte\, Inc.,C=US

Not Before

19-10-2020 00:00

Not After

18-01-2024 23:59

Subject

CN=X-Legend Entertainment CO.\, LTD.,OU=MIS,O=X-Legend Entertainment CO.\, LTD.,L=Xinyi District,ST=Taipei City,C=TW

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06-04-2022 07:45

Not After

08-05-2033 07:45

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10-12-2014 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b5:46:31:76:9a:96:1d:35:33:16:b0:8e:a6:06:64:48:c7:58:48:68
Signer

Actual PE Digest

b5:46:31:76:9a:96:1d:35:33:16:b0:8e:a6:06:64:48:c7:58:48:68

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wldap32

ord33
ord200
ord79
ord35
ord301
ord30
ord26
ord50
ord60
ord143
ord211
ord22
ord27
ord41
ord46
ord32

kernel32

GlobalFree
GlobalUnlock
GlobalLock
MulDiv
GlobalAlloc
lstrcmpW
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetCurrentThreadId
GetModuleFileNameA
lstrcmpA
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCurrentThread
InterlockedIncrement
GetThreadLocale
FileTimeToLocalFileTime
LocalFileTimeToFileTime
GetFileTime
GlobalFlags
LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GetCPInfo
FreeResource
WritePrivateProfileStringA
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetVolumeInformationA
GetFullPathNameA
SetErrorMode
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
HeapAlloc
HeapFree
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitProcess
GetSystemTimeAsFileTime
GetDriveTypeA
GetTimeFormatA
GetDateFormatA
GetProcessHeap
ExitThread
HeapSize
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
SetHandleCount
GetACP
IsValidCodePage
VirtualFree
HeapDestroy
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
LCMapStringA
LCMapStringW
SetStdHandle
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetExitCodeProcess
SetEnvironmentVariableA
ExpandEnvironmentStringsA
GetStdHandle
PeekNamedPipe
CreateMutexA
CreateEventA
WaitForMultipleObjects
SetEvent
ReleaseMutex
LoadLibraryA
FreeLibrary
SetLastError
SleepEx
FindNextFileA
GetFileInformationByHandle
DosDateTimeToFileTime
DuplicateHandle
GetFileType
SetFilePointer
GetExitCodeThread
TerminateThread
CreateDirectoryA
FileTimeToSystemTime
SetFileTime
CreateThread
RemoveDirectoryA
InterlockedDecrement
GetTickCount
OutputDebugStringA
GetFileSize
ReadFile
MoveFileA
GetSystemTime
FindFirstFileA
FindClose
GetFileAttributesA
SetFileAttributesA
FormatMessageA
LocalFree
GetVersionExA
DeleteFileA
FindResourceExA
GetModuleHandleA
GetProcAddress
GetCurrentProcess
GetModuleFileNameW
SetCurrentDirectoryW
SetThreadLocale
GetCommandLineA
CopyFileA
GetStartupInfoA
CreateProcessA
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
WaitForSingleObject
TerminateProcess
lstrlenA
CompareStringW
CompareStringA
GetVersion
GetLastError
MultiByteToWideChar
InterlockedExchange
GetCurrentDirectoryA
Sleep
GetLocalTime
SystemTimeToFileTime
CreateFileA
WriteFile
CloseHandle
SetCurrentDirectoryA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetOEMCP

user32

EndPaint
DestroyMenu
GetSysColorBrush
SetCapture
ReleaseCapture
CopyAcceleratorTableA
SetRect
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatA
PostThreadMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
EnableMenuItem
CheckMenuItem
IsDialogMessageA
SetDlgItemTextA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetForegroundWindow
GetLastActivePopup
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
BeginPaint
SetForegroundWindow
IsWindowVisible
GetMenu
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
PtInRect
GetDlgCtrlID
CallWindowProcA
SetWindowPos
IntersectRect
GetWindowPlacement
GetWindow
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetActiveWindow
DestroyWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetActiveWindow
EnumDisplaySettingsA
SystemParametersInfoA
CreateWindowExA
ShowWindow
GetMessageA
UnregisterClassA
PostQuitMessage
DefWindowProcA
DrawTextA
OffsetRect
CopyRect
FrameRect
LoadBitmapA
IsRectEmpty
SetWindowRgn
PostMessageA
GetWindowLongA
SetWindowLongA
RedrawWindow
InflateRect
LoadImageA
wsprintfA
InvalidateRect
GetSystemMetrics
LoadIconA
KillTimer
GetClientRect
IsIconic
GetSystemMenu
AppendMenuA
DrawIcon
FillRect
LoadCursorA
MessageBoxA
FindWindowA
GetWindowThreadProcessId
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
TabbedTextOutA
CharNextA
CharUpperA
SetWindowContextHelpId
MapDialogRect
SetCursor
GetWindowTextLengthA
GetWindowTextA
IsWindow
SetWindowTextA
PeekMessageA
TranslateMessage
DispatchMessageA
UpdateWindow
GetParent
GetWindowRect
GetDesktopWindow
MoveWindow
EnableWindow
SendMessageA
CreateDialogIndirectParamA

gdi32

PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
GetWindowExtEx
CreateFontIndirectA
CreateRectRgnIndirect
GetMapMode
DPtoLP
GetRgnBox
GetViewportExtEx
GetBkColor
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
CreateCompatibleBitmap
GetPixel
BitBlt
CombineRgn
CreateRectRgn
CreateSolidBrush
GetStockObject
GetObjectA
StretchBlt
SelectObject
CreateCompatibleDC
CreateBitmap
DeleteObject
SetMapMode
SetBkMode
RestoreDC
SaveDC
GetTextColor

comdlg32

GetFileTitleA
GetOpenFileNameA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegDeleteKeyA
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
CryptGetHashParam
RegFlushKey
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
CryptAcquireContextA
CryptCreateHash
CryptHashData

shell32

ShellExecuteA
ShellExecuteExA
DragQueryFileA

comctl32

_TrackMouseEvent

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathFileExistsA
PathIsUNCA

oledlg

ord8

ole32

CLSIDFromString
CoTaskMemAlloc
CoGetClassObject
StgOpenStorageOnILockBytes
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CLSIDFromProgID
CoUninitialize
CoTaskMemFree

oleaut32

VariantTimeToSystemTime
VariantCopy
OleCreateFontIndirect
VariantChangeType
SysAllocStringByteLen
SysStringLen
VariantInit
VariantClear
SysAllocStringLen
SysFreeString
SysAllocString
VarUdateFromDate
SystemTimeToVariantTime
SafeArrayDestroy

ws2_32

ioctlsocket
select
__WSAFDIsSet
listen
accept
recvfrom
sendto
WSASetLastError
setsockopt
getsockopt
htons
bind
getsockname
WSAStartup
WSACleanup
socket
ntohs
connect
closesocket
WSAGetLastError
send
recv
gethostbyname

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 580KB - Virtual size: 576KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ebeaa0265bfdff169abf2b7f5aa9e43

Code Sign

23:47:ed:a5:a0:2a:3f:41:2b:40:cd:b1:92:b8:6e:bcCertificate

Extended Key Usages

Key Usages

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6aCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

b5:46:31:76:9a:96:1d:35:33:16:b0:8e:a6:06:64:48:c7:58:48:68Signer

Headers

File Characteristics

Imports

version

wldap32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

ws2_32

iphlpapi

Sections

.text Size: 580KB - Virtual size: 576KB

.rdata Size: 136KB - Virtual size: 133KB

.data Size: 20KB - Virtual size: 33KB

.rsrc Size: 1.8MB - Virtual size: 1.8MB

23:47:ed:a5:a0:2a:3f:41:2b:40:cd:b1:92:b8:6e:bc
Certificate

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

b5:46:31:76:9a:96:1d:35:33:16:b0:8e:a6:06:64:48:c7:58:48:68
Signer

.text
Size: 580KB - Virtual size: 576KB

.rdata
Size: 136KB - Virtual size: 133KB

.data
Size: 20KB - Virtual size: 33KB

.rsrc
Size: 1.8MB - Virtual size: 1.8MB